package org.ai.demo.auth.config;

import javax.servlet.http.HttpServletResponse;

import org.springframework.context.annotation.Configuration;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.oauth2.config.annotation.web.configuration.EnableResourceServer;
import org.springframework.security.oauth2.config.annotation.web.configuration.ResourceServerConfigurerAdapter;

@Configuration
@EnableResourceServer
@Order(3)
public  class ResourceServerConfiguration extends ResourceServerConfigurerAdapter {

//	private static final String DEMO_RESOURCE_ID = "api";
//	
//    @Override
//    public void configure(ResourceServerSecurityConfigurer resources) {
//        resources.resourceId(DEMO_RESOURCE_ID).stateless(true);
//    }

    @Override
    public void configure(HttpSecurity http) throws Exception {
//        http.authorizeRequests()
//        .anyRequest()
//        .authenticated()
//        .and()
//        .requestMatchers()
//        .antMatchers("/api/**");
        
//        http
//        .csrf().disable()
//        .exceptionHandling()
//        .authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED))
//    .and()
//        .authorizeRequests()
//        .anyRequest().authenticated();

        http
        .csrf().disable()
        .exceptionHandling()
        .authenticationEntryPoint((request, response, authException) -> response.sendError(HttpServletResponse.SC_UNAUTHORIZED))
        .and()
        .requestMatchers().antMatchers("/api/**")
        .and()
        .authorizeRequests()
        .antMatchers("/api/**").authenticated();
        
    }
}
